Communities

Writing
Writing
Codidact Meta
Codidact Meta
The Great Outdoors
The Great Outdoors
Photography & Video
Photography & Video
Scientific Speculation
Scientific Speculation
Cooking
Cooking
Electrical Engineering
Electrical Engineering
Judaism
Judaism
Languages & Linguistics
Languages & Linguistics
Software Development
Software Development
Mathematics
Mathematics
Christianity
Christianity
Code Golf
Code Golf
Music
Music
Physics
Physics
Linux Systems
Linux Systems
Power Users
Power Users
Tabletop RPGs
Tabletop RPGs
Community Proposals
Community Proposals
tag:snake search within a tag
answers:0 unanswered questions
user:xxxx search by author id
score:0.5 posts with 0.5+ score
"snake oil" exact phrase
votes:4 posts with 4+ votes
created:<1w created < 1 week ago
post_type:xxxx type of post
Search help
Notifications
Mark all as read See all your notifications »
Q&A

Comments on How can I restrict filename characters?

Parent

How can I restrict filename characters?

+5
−0

Suppose I want to limit what characters are allowed in filenames. For example, I want file creation to fail if there is a \n in the name.

Is there a way to enforce this?

If it matters, I prefer an answer for Arch Linux.

History
Why does this post require attention from curators or moderators?
You might want to add some details to your flag.
Why should this post be closed?

1 comment thread

What operating system? (5 comments)
Post
+0
−1

A file can be created by the human user directly interacting on the laptop, or indirectly by a program.

In principle, you cannot detect statically all file creation calls in a software (even if you have access to its source code), because of Rice's theorem.

In practice, you could (with a lot of efforts) customize your user interface (e.g. graphical desktop, like GNOME) to limit in most (but not all) cases what the user is permitted to create interactively.

You could even (in theory) design your own operating system which has no files at all (but persistent objects). See the old Tunes project.

History
Why does this post require attention from curators or moderators?
You might want to add some details to your flag.

3 comment threads

Customizing user-space programs is inpractical. (3 comments)
Rice's theorem doesn't really apply (2 comments)
Hardware interaction can be blocked (1 comment)
Customizing user-space programs is inpractical.
alx‭ wrote about 1 year ago · edited about 1 year ago

If you modify gnome, an attacker could create files by calling system calls directly.

You need to modify the kernel if you really want to block any software from creating files with certain characters.

matthewsnyder‭ wrote about 1 year ago

Actually, I think a corollary of my question is if you restrict filenames, then what happens when some program you install does try to create one? (granted, in Linux most packages do not have junk in filenames - I doubt if any do)

So you would want to leave a backdoor so that the system can create them when needed, but userspace is prevented from casually creating litter. Thus, absolute control of filenames is not necessary, but the limitations should be reasonable.

But the approach in this question (eg. modifying Gnome file manager) would still not prevent me from accidentally creating litter with something as simple as a touch/xargs pipeline gone wrong.

Although perhaps SELinux or one of the other advanced security frameworks can block it for the user?

alx‭ wrote about 1 year ago · edited about 1 year ago

Since you write the code, you can tell your kernel that no program can create such files. Or maybe you can program it so that only root can create such files. Or maybe programs that have some capability (read https://man7.org/linux/man-pages/man7/capabilities.7.html).

Regarding the question of what happens if a program tries to create such a file, expect something like this (assuming you patch the kernel to return -EINVAL as I suggested):

$ errno EINVAL
EINVAL 22 Invalid argument

(The following is made up; I didn't really patch my kernel to do that; yet.)

$ touch 'foo\n'
touch: cannot touch 'foo\n': Invalid argument

The current open(2) manual page already covers the possibility that certain filesystems may restrict the file names:

     EINVAL
            The final component ("basename") of  pathname  is  invalid
            (e.g.,  it contains characters not permitted by the under‐
            lying filesystem).